Guillaume Toison

icon location France icon location Software engineer with an interest on static analysis, testing and avoiding bugs in general.

Results 231 comments of Guillaume Toison

Findbugs is reporting false positive bugs SA_LOCAL_SELF_COMPARISON when using instanceof pattern matching

@mpet I think you might be running into an issue with Eclipse's compiler producing redundant bytecode. When SpotBugs analyzes that bytecode it finds the SA_LOCAL_SELF_COMPARISON which is indeed in the...

Findbugs timeout issue

Thank you for reporting the issue, this could happen for various reasons and depending on the cause I would need more details: - The JVM is running out of memory:...

Findbugs timeout issue

@PetreVane can you try with 4.2.3? You have updated the timeout value, that most likely fixed your problem; I wouldn't expect that reverting to 4.2.1 helped here. In case you...

Findbugs timeout issue

On the plugin side the significant change between these versions is that the code corresponding to Unit Tests is now analyzed. You can try disabling that with the `sonar.findbugs.analyzeTests` option...

java.lang.IllegalArgumentException: Error: missing bug code for keySECXXEVAL

Thank you for reporting this, I think this is due to a new bug detector introduced in https://github.com/find-sec-bugs/find-sec-bugs/pull/728 The problem should be fixed by https://github.com/find-sec-bugs/find-sec-bugs/pull/728 once released. In the meantime...

java.lang.IllegalArgumentException: Error: missing bug code for keySECXXEVAL

The issue in findsecbugs was fixed but unfortunately not released. Once it is released I can incorporate the new version here

CodeNarc sensor unable to resolve classes

Maybe this will help: the SpotBugs plugin also needs the libraries to analyze a project; it uses the JavaResourceLocator from the sonar-java plugin to get the classpath: https://github.com/spotbugs/sonar-findbugs/blob/b3599e2c27471cfaf1c18bf726d31ea3b305cc4f/src/main/java/org/sonar/plugins/findbugs/FindbugsConfiguration.java#L91

Getting "Hard coded password found here" exception where (IMHO) it shouldn't

Hello, this rule is from [findsecbugs](https://find-sec-bugs.github.io/) Before you report the issue there can you please say which version of the plugin you're using? So I check what's the corresponding version...

Getting "Hard coded password found here" exception where (IMHO) it shouldn't

The plugin version should be visible in SonarQube's marketplace page where all the plugins are visible (you need SonarQube admin rights to see that page I think)

Getting "Hard coded password found here" exception where (IMHO) it shouldn't

Thanks, it would be helpful to report the false positive on https://github.com/find-sec-bugs/find-sec-bugs/issues with a minimal code example reproducing the problem. The code sample you have posted does not have the...